Re: Configuring LXC containers

On 3/11/24 14:38, Patrick O'Callaghan wrote:
> On Mon, 2024-03-11 at 09:16 -0700, Mike Wright wrote:
>> On 3/11/24 08:41, Mike Wright wrote:
>>> On 3/11/24 04:33, Patrick O'Callaghan wrote:
>>>> On Sun, 2024-03-10 at 22:56 -0700, Mike Wright wrote:
>>>>> On 3/10/24 15:40, Patrick O'Callaghan wrote:
>>>>>> On Sun, 2024-03-10 at 11:13 -0700, Mike Wright wrote:
>>>>>>> The last two lines are key.  Add these flags: -F -o logfile.  The
>>>>>>> default loglevel is ERROR.  If you want more detail include -l LEVEL.
>>>>>>>
>>
>>>> AFAIK 'apparmor' is a Ubuntu-ism. Both my system and the system in the
>>>> container are Fedora 39.
>>
>>> That one puzzles me, too.  However, there is no corresponding
>>> lxc.selinux setting.  lxc was a canonical/ubuntu creation so my first
>>> reaction was the same as yours but from some of the comments I've read
>>> on https://discuss.linuxcontainers.org ( another forum with *lots* of
>>> empty space ) that it or something like it may have been integrated into
>>> lxc.
>>
>> CORRECTION: the above paragraph is wrong.
>>
>> A much easier to read manpage:
>>
>> https://manpages.ubuntu.com/manpages/bionic/en/man5/lxc.container.conf.5.html
>>
>
> This appears to be the manpage at lxc-container.conf(5).

Yes, sans-serif is easier for me to read. White BG (although I prefer dark theme) is also a lot better for me than white on black manpages.

>
>> § SELINUX CONTEXT
>>
>> lxc.selinux.context
>>
>> Specify the SELinux context under which the container should be run or
>> unconfined_t. For example
>>
>>       lxc.selinux.context = system_u:system_r:lxc_t:s0:c22
>>
>
> I added that to the config file. It made no difference.

Try this ( works with lxc.apparmor.context ).

lxc.selinux.context = generated

...and also ~/.local/lxc/default.conf with these contents:

lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

That way the lxc.idmap lines are not required in each config.
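
Added example, not part of the original message or of LXC itself: a check that each lxc.idmap host range in a config like the one above is covered by the calling user's delegation in /etc/subuid and /etc/subgid, which newuidmap/newgidmap enforce for unprivileged containers. The user name "alice", the sample file contents, and the conservative rule that a single delegation entry must contain the whole mapped range are assumptions.

```python
import re

# Matches e.g. "lxc.idmap = u 0 100000 65536":
# kind (u or g), first ID inside the container, first ID on the host, count.
IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_idmaps(conf_text):
    """Return [(kind, container_start, host_start, count)] from LXC config text."""
    maps = []
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            maps.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return maps


def parse_subid(text, user):
    """Return [(start, count)] delegated to `user` (name:start:count lines)."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user and parts[1].isdigit() and parts[2].isdigit():
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges


def undelegated_idmaps(conf_text, subuid_text, subgid_text, user):
    """Return [(kind, host_start, count)] for maps not inside one delegation entry."""
    delegated = {"u": parse_subid(subuid_text, user), "g": parse_subid(subgid_text, user)}
    problems = []
    for kind, _container_start, host_start, count in parse_idmaps(conf_text):
        host_end = host_start + count  # exclusive upper bound
        if not any(s <= host_start and host_end <= s + c for s, c in delegated[kind]):
            problems.append((kind, host_start, count))
    return problems


# Constructed sample input: the default.conf from the message, plus
# hypothetical subuid/subgid contents where the gid delegation is too small.
SAMPLE_CONF = """lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
"""
SAMPLE_SUBUID = "alice:100000:65536\n"
SAMPLE_SUBGID = "alice:100000:1000\n"

if __name__ == "__main__":
    for kind, start, count in undelegated_idmaps(SAMPLE_CONF, SAMPLE_SUBUID, SAMPLE_SUBGID, "alice"):
        print(f"lxc.idmap {kind}: host range {start}+{count} is not delegated to alice")
```
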